Security and Privacy Issues
in VR Media Clouds

by Dave Zimmerman

Posted on March 1, 2020 at 12:30 PM

Virtual Zen Garden

In this report, the convergence of media cloud and virtual reality (VR) technologies will be explored in relationship to security and privacy of users. VR as a SaaS could provide scalable cloud services such as 360/6DoF video streaming, multiplayer interactive gaming, telepresence and live event streaming and broadcasting. For these cloud services to work, many challenges must be overcome, including high capacity, low-latency computing, low-latency communication, reliable communication and scalability. 5G technology could provide solutions to these challenges with millimeter wave (MMW) communications, edge computing, proactive computing/caching, multiconnectivity and multicasting. These technologies will engage Big Data management systems and could impact cloud service consumers in new and unexpected ways. Investigation and further elaboration on the nature of these challenges/solutions will be provided along with personal views on the subjects covered within the context of privacy and security.


The Relationship between VR and
Cloud Media Services


Media Processing in the Cloud

VR and immersive media technology has made great leaps in development. However, current 4G solutions are still limited by mobility and processing power. As a uniquely subjective experience, VR content is dynamic and context sensitive. With VR displayed at 4K resolution at 30 FPS with 24-bit colour at a 300:1 compression ratio would require bit rates of up to 300 Mb/s for photorealistic quality VR, 5G will be required to support mobile high-resolution social VR. To ensure a high quality experience, cloud assisted multimedia processing with context-aware multimedia rendering could be used to create content to be cached on the cloud’s edge for low-latency retrieval, streaming and distribution.


Mobile Media Clouds

These services will be crucial for VR content such as 8K 360 stereoscopic video. Even when using MPEG DASH to encode the video, the sheer volume of data to be transfered would require mobile clouds to make use of clusters and available cloud heads to share resources,  optimise efficiency and maintain performance. To address the massive capacity needed for Media Processing-as-a-Service (MPaaS), the bandwidth spectrum could expand to include MMW frequencies. MMW communication used in mobile edge computing with proactive computing/caching, could allow multimedia content predicted to be usable to multiple users within a community cloud to be processed, indexed, queryed and distributed with low-latency. Mobile devices accessing multiple generations of network connectivity could enable low-latency communication and with multicasting, more reliable transmissions can be achieved. Through load-balancing, scalable VR cloud services could be accessable by thin clients by processing VR content on the cloud edge, with less latency-sensitive processing conducted deeper within the cloud and more latency-sensetive processing conducted on the device.


5G/VR technologies in regards to
security and privacy


Basic Concepts

Privacy and security of user data has been a long standing issue in online computing, with social media misuse becoming a subject of increasing concern to users, industries and governments alike, as demonstrated by the revelations regarding Cambridge Analytica and their manipulation of big data to influence democratic processes. With the move to social VR platforms and multiplayer online VR gaming, users will want their privacy to be preserved without impediment or compromise to experience. Typically, cloud VR users would prove their identities with passwords and digital certificates, but this information can be stolen and misused to the detriment of all associated cloud computing system users, as Xiao explains, “In mobile cloud computing, the problem is even severe because mobile devices often lack of computing power to execute sophisticated security algorithms. Moreover, it is difficult to enforce a standardized credential protection mechanism due to the variety of mobile devices.” The volume of data generated by mobile VR users to be further implimented by mobile VR applications will be immense and upholding integrity of data while ensuring authenticity and confidentiality of utmost importance to all cloud service providers. To this end, big tech companies have produced redundant server systems to maximise the availability of data and minimise media cloud downtime.


Threats & Risk Management

With companies like Google and Microsoft at the forefront of VR development, accessing their cloud services is convienient to many users, who already trust their security protocols in other cloud computing applications. Nonetheless, mobile cloud computing resources are not infinite and the capabilities of mobile devices and their sensors is limited which means that  security protocols that are designed around power-efficiency and low-latency should increase security on the cloud and mobile devices alike. To accomodate the scale of activity, mobile VR services can employ public cloud support.

Through public clouds, social VR could make use of community clouds to organise and manage virtual activities. If user credentails are not kept secure, mobile VR user accounts can be stolen and used to conduct spoofing attacks, which could result in the profiling of users, identity theft, and ultimately, losing control of the user’s virtual self. When connecting to the cloud, there is always a risk that the user can be vulnerable to threat agents at any point in a session. The attacks can come from a variety of sources from anonymous attackers, malicious service agents, malicious insiders and trusted attackers with intent to steal and/or damage data. It is the responsibility of the cloud service provider to assess, treat and/or control potential risks wherever it can find them.


Cloud Security Mechanisms

Threat agents exploit cloud computing systems through a wide range of vulnerabilities including weak security policies, flaws in the hardware, bugs in the software, poor security architecture and many more. Breaches in security are not uncommon, so cloud service providers impliment security mechanisms to ensure that stolen data is practically useless. For example, through SSL encryption, it is possible to transmit encoded text-based data and make the data unreadble without an encryption key from the intented reciever of the data. To protect stored data, Hashing code can be used to lock down data if a malicious action has been detected, and to verify the authenicity of a user, digital certificates can be generated.



Discussions and thoughts


Media Cloud Economics

The economic and technological drivers behind VR have gained increasing momentum over several decades. Initially considered a novelty for gamers, VR’s true potential could only be imagined through films like “The Matrix”. With the advent of mobile cloud computing and 5G, VR is set to become a cloud service all its own. With improvements in performance and reliability coupled with reductions in latency and costs, availability of resilient collaborative VR-as-a-Service (VRaaS) could radically transform the way people work, and play. Investment into VraaS business ventures is currently the highest it has ever been. With upfront and ongoing costs coming from rapidly evoloving VR media creation hardware and software, raising the initial capital can be difficult, but if the service providers employ existing cloud computing networks, many infrastrucural expenses can be mitigated. I feel that this will likely lead to engagement with virtual reality being more accessible, profitable and further drive technological and commercial innovation.


Service Level Agreements (SLAs) & Service quality metrics

I don’t know what the long term impact of cloud VR on industry will be. I think that security is important to cloud computing users, and with VR, security of their virtual selves could determine whether or not they engage in VR. To establish trust between a VRaaS provider and a user, SLAs are issued which describe what the user will be able to do through the service, and what the service can and cannot do within legal and ethical constraints. SLAs declare a guaranteed level of Quality of Service (QoS) for runtime metrics & quality measurements including availability, reliability, performance metrics, scalability and resiliency. This is usually contained within a “terms & conditions” prompt screen to which the user must agree with in order to proceed to use the service.


Business models

While in theory, a potential user of the service could read though the SLA and then decide whether or not to use the service, in practice, I feel that most people just check off that they read and agree with the terms and conditions, then carry on to use the service. For the provider, the cost of running VRaaS could be quite high due to the design and development of immersive experiences and without 5G, its not practical for small businesses. When mobile VR becomes more viable, social VR platforms will emerge. VR technology has the potential to collect vast amounts of user data, from emotional reactions to body language, which could be concerning for some potential users. Some VR platforms may use the existing models social media that are free to use, but harvest user data to sell. While other platforms may choose to adopt a paid format which preserves user privacy, but is priced based on how it is used, data usage and storage, and/or a microtransactional system. Of the two models, I feel that a paid service would be more beneficial to VR users. The intimate nature of the VR experience could be compromised if users feel that they are being monitored.





Applying cloud computing to VR will showcase its speed and power in ways that will be relatable to the casual internet user and open up VR as a real tool for practical internet use as well as gaming and business services. I feel that 5G connectivity will transform many aspects of our digital lives. If it can be kept secure, I think that people will natually gravitate towards Mobile VR, since they will have most of the hardware in their pockets. Even so, the dangers of social media could be even more impactful in a virtual environment, especially if user data is handled irresponsibly. Ideally, I feel that a free, fully encrypted social VR platform would make social VR safe, secure and enjoyable.  I look forward to seeing what the future holds.